Network2/Security: Difference between revisions
< Network2
Jump to navigation
Jump to search
mNo edit summary |
mNo edit summary |
||
Line 1: | Line 1: | ||
{{Network2 header}} |
{{Network2 header}} |
||
This ''optional'' section is included merely to offer some hints about where we think [[Communications security|communications security]] ought to be headed. |
This ''optional'' section is included merely to offer some hints about where we think [[Communications security|communications security]] ought to be headed. |
||
Revision as of 23:53, 26 July 2009
This optional section is included merely to offer some hints about where we think communications security ought to be headed.
- Spoofing, Integrity, Confidentiality. See communications security and petnames for some background. A very rough road along which something reasonable might lie:
- Use physical introduction to CNAME cscott.michael.laptop.org to <key>.cscott.laptop.org.
- Then, my dnscurve-compatible DNS resolver will refuse to give me addresses unless the nameserver I contact for cscott proves knowledge of cscott's private key.
- Then I have a nice basis with which to configure IPsec security associations.
- System Integrity
- DoS